From 39a33f34e5229f10b06629515bea69ff03b997f4 Mon Sep 17 00:00:00 2001 From: "ctrlaltca@gmail.com" <> Date: Sun, 26 Jun 2011 21:58:28 +0000 Subject: test patch for #243 --- framework/Web/THttpUtility.php | 16 ++++++++++++++-- framework/Web/UI/THtmlWriter.php | 40 ++++++---------------------------------- 2 files changed, 20 insertions(+), 36 deletions(-) (limited to 'framework/Web') diff --git a/framework/Web/THttpUtility.php b/framework/Web/THttpUtility.php index 6a39b91f..0e81af56 100644 --- a/framework/Web/THttpUtility.php +++ b/framework/Web/THttpUtility.php @@ -4,7 +4,7 @@ * * @author Qiang Xue * @link http://www.pradosoft.com/ - * @copyright Copyright © 2005-2011 PradoSoft + * @copyright Copyright © 2005-2011 PradoSoft * @license http://www.pradosoft.com/license/ * @version $Id$ * @package System.Web @@ -22,12 +22,13 @@ class THttpUtility { private static $_encodeTable=array('<'=>'<','>'=>'>','"'=>'"'); private static $_decodeTable=array('<'=>'<','>'=>'>','"'=>'"'); + private static $_stripTable=array('<'=>'','>'=>'','"'=>''); /** * HTML-encodes a string. * This method translates the following characters to their corresponding * HTML entities: <, >, " - * Note, unlike {@link htmlspeicalchars}, & is not translated. + * Note, unlike {@link htmlspecialchars}, & is not translated. * @param string string to be encoded * @return string encoded string */ @@ -46,5 +47,16 @@ class THttpUtility { return strtr($s,self::$_decodeTable); } + + /** + * This method strips the following characters from a string: + * HTML entities: <, >, " + * @param string string to be encoded + * @return string encoded string + */ + public static function htmlStrip($s) + { + return strtr($s,self::$_stripTable); + } } diff --git a/framework/Web/UI/THtmlWriter.php b/framework/Web/UI/THtmlWriter.php index beb439b8..80dcbc6e 100644 --- a/framework/Web/UI/THtmlWriter.php +++ b/framework/Web/UI/THtmlWriter.php 
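Review bot: htmlStrip() in THttpUtility.php removes only `<`, `>` and `"` (via `$_stripTable`), so a name containing whitespace, `=`, `'` or `/` passes through unchanged; if attribute or style names can ever carry caller-influenced text, a three-character denylist does not keep the name a single token. An allowlist is easier to reason about, for example `return preg_replace('/[^A-Za-z0-9_:.-]/','',$s);`, assuming no legitimate name in the framework needs other characters. The new docblock is also copied from htmlEncode(): it should read `@param string string to be stripped` and `@return string string with <, > and " removed`, and the characters it lists are not "HTML entities".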
@@ -57,34 +57,6 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter 'meta'=>true, 'wbr'=>true, ); - /** - * @var array list of attributes that need HTML encoding - */ - private static $_attrEncode=array( - 'abbr'=>true, - 'accesskey'=>true, - 'alt'=>true, - 'axis'=>true, - 'background'=>true, - 'class'=>true, - 'content'=>true, - 'headers'=>true, - 'href'=>true, - 'longdesc'=>true, - 'onclick'=>true, - 'onchange'=>true, - 'src'=>true, - 'title'=>true, - 'label'=>true, - 'value'=>true - ); - /** - * @var array list of stylesheet attributes that need HTML encoding - */ - private static $_styleEncode=array( - 'background-image'=>true, - 'list-style-image'=>true - ); /** * @var array list of attributes to be rendered for a tag */ @@ -127,7 +99,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter public function addAttributes($attrs) { foreach($attrs as $name=>$value) - $this->_attributes[$name]=isset(self::$_attrEncode[$name])?THttpUtility::htmlEncode($value):$value; + $this->_attributes[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value); } /** @@ -137,7 +109,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter */ public function addAttribute($name,$value) { - $this->_attributes[$name]=isset(self::$_attrEncode[$name])?THttpUtility::htmlEncode($value):$value; + $this->_attributes[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value); } /** @@ -146,7 +118,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter */ public function removeAttribute($name) { - unset($this->_attributes[$name]); + unset($this->_attributes[THttpUtility::htmlStrip($name)]); } /** 
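Review bot: In addAttributes() and addAttribute() the name is silently rewritten by htmlStrip() before it becomes the `_attributes` key, so a malformed name is repaired rather than reported, and two names that differ only in `<`, `>` or `"` collapse onto one key with the later value overwriting the earlier. Throwing, or at least logging, when `$name!==THttpUtility::htmlStrip($name)` would surface the caller bug instead of hiding it. On the value side, htmlEncode() translates only `<`, `>` and `"` according to its docblock in this patch, which is enough only if the writer emits attributes in double quotes; the rendering code is outside these hunks, so that is worth confirming and stating in the method docblocks, e.g. `The value is always HTML-encoded; characters <, > and " are removed from the name.` The same expression now appears in both addAttributes() and addAttribute(); having the former call the latter would keep the two from drifting apart.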
@@ -156,7 +128,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter public function addStyleAttributes($attrs) { foreach($attrs as $name=>$value) - $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value; + $this->_styles[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value); } /** @@ -166,7 +138,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter */ public function addStyleAttribute($name,$value) { - $this->_styles[$name]=isset(self::$_styleEncode[$name])?THttpUtility::htmlEncode($value):$value; + $this->_styles[THttpUtility::htmlStrip($name)]=THttpUtility::htmlEncode($value); } /** @@ -175,7 +147,7 @@ class THtmlWriter extends TApplicationComponent implements ITextWriter */ public function removeStyleAttribute($name) { - unset($this->_styles[$name]); + unset($this->_styles[THttpUtility::htmlStrip($name)]); } /** -- cgit v1.2.3
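Review bot: addStyleAttributes() and addStyleAttribute() apply HTML encoding to CSS text, which stops a value from closing the surrounding `style` attribute but does not constrain it as CSS: `;` and `:` pass through both htmlStrip() and htmlEncode(), so a single name or value can still carry further declarations. If style names or values may contain caller-influenced text, the name is better checked against a property-name pattern such as `preg_match('/^-?[a-zA-Z][a-zA-Z0-9-]*$/',$name)`, and the docblock should say that values are HTML-encoded only and must be validated as CSS by the caller. How `_styles` is serialized is outside these hunks, so the exact output context is inferred. removeStyleAttribute() strips the name the same way, which keeps add and remove consistent.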